Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Fraudsters add IM to phishing attacks

With online bank credentials selling for as much as $1,000 per compromised account it is well within the possibility for cybercriminals to establish a call center, adding in technologies used by legitimate companies.

Suggesting this may already be in the prototype stage customers from one US bank were targeted with spam that included IM chat. This ‘chat-in-the-middle” form is for the hackers to persuade users to answer security questions that would have the user handing over their names, address, phone number and other sensitive information.

Click here for more information.

Antivirus Rarely Catches Zbot Zeus Trojan

With the Zbot botnet consisting of 3.6 million computers in the US, Zeus is the top financial Trojan that represents 44% of today’s financial malware infections.

Recent research shows the botnet is only detected by up-dated anti-virus packages 23% of the time. The bot, with its various mutations, is effective at hiding itself within a computer’s OS.

Click here for more information.

IETF forges botnet clean-up standard

As reported in the September 15 version of the News Bits, the Australian government is working to address how ISPs can take down botnets by identifying them and notifying a computer’s owner about their computer’s infection and ways to clean the system from being a bot.

The IETF is doing something similar with their draft proposal of “Recommendations for the Remediation of Bots in ISP Networks”. Part of the document covers how to detect botnets. This is currently in the draft stage with the IETF inviting feedback on the proposals.

Click here for more information.

US healthcare data plan slammed for encryption get-out clause

A new law that goes into effect September 23rd will protect organizations who use encryption to protect their clients. If data is breached AND the data was encrypted, organizations will not need to inform their customers of the data breach. Only if the data was not encrypted will users need to be notified of such breaches.

Comment: It can be seen where this will provide incentive for other organizations to ensure data is encrypted. However it sounds as if once encrypted data can never be hacked.

Click here for more information.

EU seeks to close digital divide with broadband aid

With the goal of making the EU 100% covered with broadband by 2010 the EU Commission released guidelines specifying how public funds may be used to help companies rollout broadband networks.

While still relying on private organizations to fund most of the costs, the Commission’s rules would make it easer for funds to be obtained for projects in areas where broadband does not exist. Obtaining funds would be more difficult in areas where there is already more than one network operator.

Click here for more information.